Wir haben mit unserer Firma eine weitere Firma gekauft, getrennte Domäne, keine Vertrauensstellung.
Beide Firmen sollen jedoch von der gleichen IT-Abteilung betreut werden. Demnach sind aus der zweiten Domäne keine weiteren Agenten notwendig.
Seitdem ich die andere Firma bei uns aufgenommen habe, findet das OTRS nicht mehr alle Benutzer: User aus Domäne 1 sind bei den Kunden nicht mehr auffindbar. Das Einzige, was ich im OTRS-Log finden kann, ist die Fehlermeldung "LDAP size limit exceeded".
Ich habe mich dann natürlich auch etwas schlau gemacht. In manchen Threads hieß es, man müsse in der LDAP.pm das CustomerUserSearchListLimit erhöhen. Das habe ich zum Testen mal von 200 auf 20000 erhöht, jedoch ohne Veränderung.
Ich habe auch mal etwas davon gelesen, dass man dieses Limit AD-seitig erhöhen kann, jedoch würde mich interessieren, ob jemand Fehler in meiner Config.pm finden kann. Mein Windows-Admin ist nämlich noch nicht so ganz überzeugt ...
[Thu Apr 4 16:15:43 2019][Debug][Kernel::System::CustomerUser::LDAP::CustomerSearch][411] LDAP size limit exceeded (Sizelimit exceeded).
Freue mich über jegliche Art von Hilfe.
package Kernel::Config;
use strict;
use warnings;
use utf8;
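# Load() - fill the configuration object with the site-specific settings:
# database access, log target, and the LDAP back ends for two separate
# directories (Firma1: agents and customers, Firma2: customers only).
#
# Takes the configuration object (a hash reference) as its only argument and
# writes the settings into it.
#
# Review notes that apply to the whole sub:
#   * All bind passwords are literals in this file; keep the file readable
#     only by the account OTRS runs as.
#   * Every LDAP "Host" below is a bare host name. NOTE(review): as far as
#     this file shows, nothing asks for TLS, so the search account's password
#     and the user passwords checked at login presumably cross the network
#     unencrypted. Net::LDAP also accepts an ldaps:// URI as host - confirm
#     the domain controllers offer LDAPS and that the certificate is verified.
sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '127.0.0.1';

    # The database name
    $Self->{'Database'} = "****";

    # The database user
    $Self->{'DatabaseUser'} = "****";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = '****';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";

    # ---------------------------------------------------- #
    # fs root directory and logging                        #
    # ---------------------------------------------------- #
    $Self->{Home}                 = '/opt/otrs';
    $Self->{LogModule}            = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = '/var/log/otrs.log';

    #----------------------------------------------------------------------
    # Firma1
    #----------------------------------------------------------------------

    # Agent authentication: only members of the group in GroupDN1 (checked
    # through the 'member' attribute) are accepted.
    $Self->{'AuthModule1'}                   = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'}       = 'firma1.local';
    $Self->{'AuthModule::LDAP::BaseDN1'}     = 'dc=firma1,dc=local';
    $Self->{'AuthModule::LDAP::UID1'}        = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::GroupDN1'}    = 'CN=GG-***-ACL-OTRS,OU=Gruppen,OU=STANDORT,DC=firma1,DC=local';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'user@firma1.local';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = '*****';

    # Customer authentication
    $Self->{'Customer::AuthModule1'}                     = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'}         = 'firma1.local';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'}       = 'DC=firma1,DC=local';
    $Self->{'Customer::AuthModule::LDAP::UID1'}          = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'user@firma1.local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '******';

    # Customer data. AlwaysFilter restricts every lookup to user objects
    # with a @firma1.de mail address.
    $Self->{CustomerUser1} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host         => 'firma1.local',
            BaseDN       => 'DC=firma1,DC=local',
            SSCOPE       => 'sub',
            UserDN       => 'user@firma1.local',
            UserPw       => '******',
            AlwaysFilter => '(&(objectclass=user)(mail=*@firma1.de))',
        },
        CustomerKey                        => 'sAMAccountName',
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map                                => [

            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
            [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],

            # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };

    #----------------------------------------------------------------------
    # End of Firma1
    #----------------------------------------------------------------------

    #----------------------------------------------------------------------
    # Firma2 (separate domain, customers only)
    #----------------------------------------------------------------------

    # Customer authentication. Fixed: this slot named the agent back end
    # (Kernel::System::Auth::LDAP). In this file that module is paired with
    # the AuthModule::LDAP::* keys, while the Customer::AuthModule::LDAP::*
    # keys set below belong to the CustomerAuth back end used for Firma1.
    $Self->{'Customer::AuthModule2'}               = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host2'}   = 'Firma2.de';
    $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'DC=Firma2, DC=de';
    $Self->{'Customer::AuthModule::LDAP::UID2'}    = 'sAMAccountName';

    # NOTE(review): GroupDN2 is the domain root, not a group object, and no
    # access attribute is set for it. If a group restriction is intended,
    # name the group here (as GroupDN1 / AccessAttr1 do for agents). Left
    # unchanged because dropping the key would widen who may log in.
    $Self->{'Customer::AuthModule::LDAP::GroupDN2'}      = 'DC=Firma2, DC=de';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'user@Firma2.de';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = '******';

    # Customer data.
    # NOTE(review): unlike CustomerUser1 there is no AlwaysFilter, so each
    # lookup runs over every object below BaseDN. That is a plausible cause
    # of "LDAP size limit exceeded" and may offer non-person entries
    # (computer or service accounts) as customers. A filter in the style of
    # the Firma1 one is worth adding once the Firma2 mail domain is known.
    # NOTE(review): the result limit is a per-back-end option of this hash
    # (CustomerUserSearchListLimit => N); an edit inside LDAP.pm is lost on
    # update. A limit enforced by the directory server still applies.
    # NOTE(review): both back ends key customers on sAMAccountName. The two
    # domains are unrelated, so one login may exist in both - confirm how
    # such a collision is resolved before relying on the login for access.
    $Self->{CustomerUser2} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host          => 'Firma2.de',
            BaseDN        => 'DC=Firma2, DC=de',
            SSCOPE        => 'sub',
            UserDN        => 'user@Firma2.de',
            UserPw        => '******',
            SourceCharset => 'utf-8',
            DestCharset   => 'utf-8',
        },
        CustomerKey => 'sAMAccountName',

        # NOTE(review): CustomerID is 'mail' here, but the Map row for
        # UserCustomerID below stores 'sAMAccountName'; Firma1 uses 'mail'
        # in both places. Confirm which one is intended.
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ 'givenname', 'sn', 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'givenname', 'sn', 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map                                => [

            # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
            [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'sAMAccountName',  0, 1, 'var' ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],

            # [ 'UserAddress', 'Ort', 'l', 1, 1, 'var' ],
            # [ 'UserComment', 'Company', 'company', 1, 1, 'var' ],
        ],
    };

    # Remove the two OTRSBusiness* entries from the daemon's cron task table.
    delete $Self->{"Daemon::SchedulerCronTaskManager::Task"}->{"OTRSBusinessAvailabilityCheck"};
    delete $Self->{"Daemon::SchedulerCronTaskManager::Task"}->{"OTRSBusinessEntitlementCheck"};

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}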
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use base qw(Kernel::Config::Defaults);
# -----------------------------------------------------#
#
1;